If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

I tried to get a bit on, but my programming is not really good in web-development. Do you or somebody else maybe have some working sample code (PHP) for this AJAX-Login-Script on which I could built on?

oh! That could be the reason. the webhoster is a big company which probably has my website on another server than their open xchange (called "webmailer 2.0" at this webhosters side). I don't have this error message right here, but it was something with that I am not "authorized" to access the ressource, will post here later on today the full error message.

Some background - generally this ip check is a security feature. If somebody manages to steal the session cookie set by OX (stored at your browser) and your session ID, he *could* login to your account because the session is already authorized. This would require some criminal effort (network access, local access to the browsers cookie store, browser vulnerabilities etc.) but history shows that such attacks do happen. To add another obstacle to session/cookie stealing we check the IP address which sends the cookie/session id an compare it to the ip address which has initiated the login procedure by entering credentials. Of course it is possible to fake IP addresses but doing a man-in-the-middle attack and even more evil stuff at the internet and through a encrypted connection is much harder than just stealing a session. Atop of this we use whitelisting for HTML E-Mail to minimize the risk of executing script code from external sources which might be a security issue.

@Martin Braun: so this means there's no way for me, to login directly into the "Inbox" of OX without my webhoster helping me?
I understand the security reasons of course, but I wanted to make a user friendly login after a user already logged into an webapplication (SSL crypted). Because who want's to login with username/password twice in two different login forms every day?